Using Certificates with Web Browsers
Part:
1
2
3
(Continued from previous part...)
Once exported, we can view the certificate with OpenSSL:
>openssl x509 -in \verisign.cer -inform DER -noout -text
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Cer
tification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorize
d use only, OU=VeriSign Trust Network
Validity
Not Before: May 18 00:00:00 1998 GMT
Not After : Aug 1 23:59:59 2028 GMT
Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Cer
tification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized
use only, OU=VeriSign Trust Network
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:cc:5e:d1:11:5d:5c:69:d0:ab:d3:b9:6a:4c:99:
1f:59:98:30:8e:16:85:20:46:6d:47:3f:d4:85:20:
84:e1:6d:b3:f8:a4:ed:0c:f1:17:0f:3b:f9:a7:f9:
25:d7:c1:cf:84:63:f2:7c:63:cf:a2:47:f2:c6:5b:
33:8e:64:40:04:68:c1:80:b9:64:1c:45:77:c7:d8:
6e:f5:95:29:3c:50:e8:34:d7:78:1f:a8:ba:6d:43:
91:95:8f:45:57:5e:7e:c5:fb:ca:a4:04:eb:ea:97:
37:54:30:6f:bb:01:47:32:33:cd:dc:57:9b:64:69:
61:f8:9b:1d:1c:89:4f:5c:67
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
51:4d:cd:be:5c:cb:98:19:9c:15:b2:01:39:78:2e:4d:0f:67:
70:70:99:c6:10:5a:94:a4:53:4d:54:6d:2b:af:0d:5d:40:8b:
64:d3:d7:ee:de:56:61:92:5f:a6:c4:1d:10:61:36:d3:2c:27:
3c:e8:29:09:b9:11:64:74:cc:b5:73:9f:1c:48:a9:bc:61:01:
ee:e2:17:a6:0c:e3:40:08:3b:0e:e7:eb:44:73:2a:9a:f1:69:
92:ef:71:14:c3:39:ac:71:a7:91:09:6f:e4:71:06:b3:ba:59:
57:26:79:00:f6:f8:0d:a2:33:30:28:d4:aa:58:a0:9d:9d:69:
91:fd
Very nice. Right? A self-signed certificate from VeriSign Inc., valid until year 2028.
- A self-signed certificate from VeriSign Inc., valid until year 2028.
- The certificate file format is DER, not PEM. You need to use "-inform DER" with the OpenSSL
command.
Of course, we can export the certificate out of IE, and save it in PEM formation. Just select
"Base-64 encoded X.509 (.CER)" as the export file format in step 7.
Importing Certificates into IE
To test importing certificates into IE, let's reuse the certificates created previously in this book.
- herong.crt - self-signed by Herong.
- john.crt - signed by Herong.
- bill.crt - signed by John.
- tom.crt - signed by John.
Here are the steps to import herong.crt into IE:
1. Open IE 6.0, and go to the "Tools / Internet Options..." menu option. The Internet Options dialog box shows up.
2. Go to the Content tab, and click the "Certificates..." button in the Certificates section.
The Certificates dialog box shows up.
3. Go to "Trusted Root Certification Authorities" tab, and click the "Import..." button. The Certificate Import Wizard shows up.
4. Clik Next, and enter herong.crt.
5. Clik Next, then click Finish. herong.crt is now imported into IE as a trusted root certificate.
Repeat the import process again to import john.crt, bill.crt, and tom.crt into the "Intermediate Certificate Authorities" tab.
Now if you view the "Tom Bush" certificate in IE, the certification path will be displayed as
"Herong Yang" --> "John Smith" --> "Bill White" --> "Tom Bush".
(Continued on next part...)
Part:
1
2
3
|